VYPR
Medium severity5.5NVD Advisory· Published Apr 17, 2024· Updated Jun 17, 2026

CVE-2024-26825

CVE-2024-26825

Description

In the Linux kernel, the following vulnerability has been resolved:

nfc: nci: free rx_data_reassembly skb on NCI device cleanup

rx_data_reassembly skb is stored during NCI data exchange for processing fragmented packets. It is dropped only when the last fragment is processed or when an NTF packet with NCI_OP_RF_DEACTIVATE_NTF opcode is received. However, the NCI device may be deallocated before that which leads to skb leak.

As by design the rx_data_reassembly skb is bound to the NCI device and nothing prevents the device to be freed before the skb is processed in some way and cleaned, free it on the NCI device cleanup.

Found by Linux Verification Center (linuxtesting.org) with Syzkaller.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

55

Patches

Vulnerability mechanics

References

10

News mentions

0

No linked articles in our index yet.